test

Sun Enterprise Authentication Mechanism 1.0.2 Guide

Common SEAM Error Messages (N-Z)

This section provides an alphabetical list (N-Z) of common error messages for the SEAM commands, SEAM daemons, PAM framework, GSS interface, the NFS service, and the Kerberos library.


No authentication systems were enabled; all connections will be refused

Cause:

This version of rlogind does not support any authentication mechanism.

Solution:

Make sure that rlogind is invoked with the -k option. In fact, this should be the default specified in the inetd.conf file.


Server refused to negotiate encryption. Good bye.

Cause:

Encryption could not be negotiated with the server.

Solution:

Start authentication debugging by invoking the telnet command toggle encdebug and look at the debug messages for further clues.


Unable to connect with Kerberos V5 and provide encryption service


Unable to connect with Kerberos V5, using normal rlogin

Cause:

A Kerberized session could not be established with the appropriate service (kshell for rsh and rcp, eklogin or klogin for rlogin) on the server. This may be due to invalid credentials.

Solution:

  1. Make sure your credentials are valid. Destroy your tickets with kdestroy and create new tickets with kinit.

  2. Make sure the target host has a keytab with the correct version of the service key. Use kadmin(1M) to view the key version number of the service principal (for example, host/FQDN_hostname) in the Kerberos database and use klist -k on the target host to make sure it has the same key version number.

  3. Make sure there are entries for the services (klogin, eklogin, and kshell) in /etc/inetd.conf on the target host.


Unable to securely authenticate user ... exit

Cause:

Authentication could not be negotiated with the server.

Solution:

Start authentication debugging by invoking the telnet command toggle authdebug and look at the debug messages for further clues. Also, make sure you have valid credentials.


You are using an old Kerberos5 client without checksum support; only newer clients are authorized.

Cause:

Authentication with checksum was not negotiated with the client. The client may be using an old Kerberos V5 protocol that does not support initial connection support.

Solution:

Make sure the client is using a Kerberos V5 protocol that supports initial connection support.